Ten Common Cyber Security Myths
Myth #1: This can’t happen to me, only important or rich people are targeted.
This security myth is called security through obscurity.
In other words, it’s considered that the internet is such a big place that no one cares about you. And even if someone should try to attack your system, there wouldn’t be much valuable data to steal.
In most cases, users who embrace this kind of thinking don’t actually want to spend much time addressing their system vulnerabilities.
Such wishful thinking often ends with a costly cyber attack.
This happens because it’s not about how important you are. It’s not personal. Cyber criminals use automated tools to exploit your system’s vulnerabilities.
And they’ll take anything they can get, from your personal information to your internet-connected resources. Yes, even that’s a valuable asset, since they can be used for further malicious activities.
Even if you think that you’re not important or that your personal or financial data is insignificant, an identity thief or cyber criminal can still exploit the small amount of information discovered about you.
They can cross-reference it with information taken from other sources (social networks) and gain a more complete picture of your online identity and personal information.
So stop thinking that nobody will attack you and that you’re safe. As long as you have a digital identity, you’re a valuable target.
Myth #2: If I install a security application I’ll be fine.
Putting your trust into one security program that’s supposed to cover your system, your online actions, keep you safe against data and financial stealing malware and other non-traditional attack vectors means that you place too much trust in a single line of defense.
What you need is to think about your system the same way you would imagine a fortress: the treasure in the middle and all the defensive walls around it, that keep the enemies at bay.
One by one, you need to build those security walls. Don’t place your trust in a single one. More than anything, you need to stay vigilant with your security practices.
Myth #3: I don’t need security software, I don’t access unsafe locations.
The truth is, many people believe that common sense is enough to stay safe from malware, phishing, identity theft and other nasty online threats.
And, if they’re just thinking about spam email attachments or clicking on intrusive pop-up ads, they may be right.
But these threats are not the only danger. There are plenty of other malware attacks and vulnerabilities that are not visible.
Cyber attackers are able to exploit safe websites and insert malware into their ads that ultimately can infect your devices.
You can access a safe, perfectly legitimate website that doesn’t even require you to click on something and still get infected.
Malicious software strains and their methods of spreading are in constant evolution. Just because they can’t be noticed, it doesn’t mean that they’re not there.
To be safe online is quite similar to driving your car. You may have common sense and pay attention to potential dangers, but can you always predict yourself from what others around you are doing?
And there’s also the increasing danger posed by financial stealing malware. It’s supposed to stay hidden while collecting precious data from your banking operations, so it could be days, even months until you become aware of its existence.
Do you still believe you don’t need security?
Myth #4: I set a strong and complex password to my account, so I’ll be OK.
Yes, it’s strongly recommended that you set a strong password, don’t skip this essential step.
It should be one that has more than 15 characters, both upper and lower cases, and must contain various numbers and symbols. Set a random one, so it will be even more difficult for someone trying to break it.
But keep in mind that having a strong password is not enough to keep cyber criminals away.
It’s just one of the many security layers that will keep you safe.
The next safety measure that you should check: your password should be unique. Don’t reuse it between accounts, otherwise a cyber criminal will have access to all your digital assets, just by breaching one of those accounts.
Also, make sure you activate second-factor authentication wherever it’s available. It will work as an extra defensive wall that’s even harder to be knocked down.
The problem is, these long, unique and complex passwords have a major inconvenience: they are hard to remember.
We all have tens of digital accounts, so it’s easy to understand how setting these passwords, changing them constantly and still remembering them can become a burden.
Try not to write them down, not on your PC, not in an email draft, not on some piece of paper that you keep on your desk. This will only increase the risk of unauthorized access to your accounts.
Instead, to make things easier, you can keep them safe (and encrypted) with a password management software such as LastPass. It will also notify you if the passwords you set are too easy or not unique
Myth #5: Internet security is expensive.
Our modern generation spends most of its time online. Our activities do not include only socializing with friends on social media networks, but we also work online, shop online, access our bank accounts and so on.
Internet access isn’t just a simple way of losing time and entertaining, it’s an integrated part of our lives.
How difficult is it for a cyber criminal to use the information we provide on our Facebook account and correlate it with data obtained from malicious software that infected our system?
And from that point, how far is the moment when our identity is being used for malicious purposes?
We all hear about cases when someone’s online identity has been stolen and money removed from the banking account. What we don’t hear is that recovering from such attacks takes time, perhaps even years.
And since an attack can occur from any part of the world, the perpetrators are rarely brought to justice.
When you draw the line, you realize that not having a proactive internet security approach is actually more expensive.
With this information in mind, should we still take a chance online?
Myth #6: I only open emails from my friends, so I’m safe.
This is a perfectly valid argument. Until you find out that you were tricked and that email just appeared to be from someone you know.
How many of us already received a strange email from a friend or from a work colleague?
It’s not difficult to spoof an email in order to display anyone’s name as being the sender.
For someone who is less trained into detecting suspicious emails, all it takes is one click before getting infected with malware.
Clicking on links or downloading the email attachments that you receive may easily install on your system some dangerous financial stealing malware, that will remain hidden until the cyber crook gets all your information.
Such emails may also appear to be coming from your work colleagues or financial institutions. They can look real enough to trick you into giving away your sensitive information.
Myth #7: I only download and access information from trusted sources. This keeps me protected.
This security myth is difficult to break.
Most people think that accessing safe and secure locations (and even downloading from those websites) will not lead to any problems.
Another common misconception,
“It’s on the internet so it must be safe, otherwise it would have been taken down by law enforcement agencies”.
The reality is quite different. Even if we access and download from a trusted source, we are still vulnerable to online dangers.
Illegal websites can be launched overnight and disappear just as quickly, but they can also last for years and not get taken down. So don’t count on law enforcement agencies, they’re usually overworked and can’t keep up with cyber criminals’ shenanigans.
Malicious software developed by crooks is designed to remain hidden from classical antivirus detection.
To stay safe, you can install specially designed software that acts in a proactive way, before getting infected and leaking your data to malicious hackers. It offers a layer of security that works complementary to the reactive nature of normal antivirus products.
Myth #8: My social networks are safe places. Friends will be friends.
Are you sure about that?
With the increasing popularity of social networks and their hundreds of millions of users, you can be sure that cyber criminals will have a presence there as well. They can smell all the potential new victims.
Since so many people are so easily connected, scammers have developed sophisticated tricks that target these networks.
If online criminals can place malicious content like drive-by downloads and pop-up ads on safe websites, they can do the same with social media accounts.
Another danger encountered on social media accounts is posed by fake profiles and personas created by cyber criminals. These are used to collect personal information about others.
That information might seem irrelevant, but it will aid them in the commission of fraud and identity theft. Be careful who you add to your list of friends.
Myth #9. I don’t have important information or sensitive data on my system / email account. Why should I worry?
Sure you do. You’re just not aware of it. Or you don’t consider it valuable.
Didn’t you let your browser remember all your passwords for your online accounts, banking websites and e-mail address?
Isn’t your email account filled with personal conversations and photos? What about work contracts, invoices, tax forms?
And didn’t you connect it to all your other digital accounts, such as social networks, work accounts, cloud services, banking apps and so on?
You may think that your data is not important, but cyber criminals collect and assemble such information. Later on, they can use it to steal your identity or sell your information on the dark market.
And even when there is no actual data for a cyber criminal on your system, they still can use your device for their own malicious purposes.
Myth #10: If I get infected, I’ll know right away.
Don’t be so sure about this.
Indeed, this used to be true. In the past, when computers started to run slow and get annoying pop-ups all over the screen, it was a sure sign of infection.
Nowadays, cyber criminals improved their methods. They are more efficient and know how to disguise their attacks. In most cases, users can’t tell if their system is involved in spam campaigns or coordinated DDoS attacks.
Malware is built to be undetectable and untraceable even by antivirus software, in order to retrieve the needed sensitive information. It may be months before you even notice.
Install a good antivirus product against classical attacks and a security program against financial and data stealing malware, stay up to date with the latest security news and don’t forget to back it up!
Conclusion
The main problem with these cyber security myths is that they give you a false sense of security.
Malicious hackers do what they do by placing themselves in your own shoes. They know that most internet users show “safe” internet behaviors. As a result, a lot of effort goes into disguising themselves and their plans as legitimate entities.
The most successful email phishing attacks are those that seem like the genuine thing.
That’s why it’s important for you to always be prepared and not fall into this false sense of security.
This course is presented in partnership with Heimdal Security – a worldwide leader in enterprise and consumer cyber security solutions.
